Applications are the most preferred vectors for cybercriminals. Yet no single team or process can assure the rollout of safe cloud applications. From code design to unit testing to deployment, teams and tools have to work together to detect risks early while keeping the pipeline of digital products moving.
Alex Rice, CTO at HackerOne and Johnathan Hunt, VP of Security at GitLab, help development teams evolve their processes to build security directly into their workflows for smooth and safe cloud app rollouts.
They dropped by the Threatpost podcast recently to share tips on DevSecOps, including:
How to build a continual testing, monitoring, and feedback processes to drive down application risk. Developing a continuous approach to application security and DevOps security tools. Why collaboration and continual feedback is essential across development, cloud and security teams.
…as well as how to deal with the boatload of animosity between development and security teams. One tip: Assume positive intent!